It seems 4CHAN was hacked based on outdated systems such as 2012 (maybe 2016) PHP and OPENBSD (2017).
Sounds like they could have prevented the hack by either:
- disabling PDF upload (nobody used that feature anyway), or
- running
freebsd-update fetch install && pkg update && pkg upgradeat some point in the last 10 years.
And they still failed.
Yes it seems they missed badly on the updates and seems like the community had also warned them back in 2021 but they still did not listen. 100% preventable from this particular attack